Lucene search
+L

360 matches found

Cvelist
Cvelist
added 2026/03/20 7:21 a.m.23 views

CVE-2026-33060 CKAN MCP Server: SSRF via base_url allows access to internal networks

CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...

5.3CVSS0.00289EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 7:21 a.m.8 views

CVE-2026-33060 CKAN MCP Server: SSRF via base_url allows access to internal networks

CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...

5.3CVSS5.8AI score0.00289EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/20 7:21 a.m.4 views

CVE-2026-33060 CKAN MCP Server: SSRF via base_url allows access to internal networks

CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...

5.3CVSS5.9AI score0.00289EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 5:38 a.m.10 views

CVE-2026-33039 AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy

WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location heade...

8.6CVSS5.9AI score0.00453EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.14 views

PT-2026-26767

Summary The isSSRFSafeURL function in AVideo can be bypassed using IPv4-mapped IPv6 addresses ::ffff:x.x.x.x. The unauthenticated plugin/LiveLinks/proxy.php endpoint uses this function to validate URLs before fetching them with curl, but the IPv4-mapped IPv6 prefix passes all checks, allowing an...

8.6CVSS5.8AI score0.0032EPSS
Exploits1References5
NVD
NVD
added 2026/03/19 4:16 p.m.7 views

CVE-2026-30404

The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery SSRF vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations...

7.5CVSS0.00253EPSS
Exploits1References2
OSV
OSV
added 2026/03/18 12:59 p.m.6 views

GHSA-3XM7-QW7J-QC8V SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks

Summary The @aborruso/ckan-mcp-server MCP server provides tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network...

5.7CVSS5.9AI score0.00289EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/18 12:59 p.m.8 views

SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks

Summary The @aborruso/ckan-mcp-server MCP server provides tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network...

5.7CVSS5.9AI score0.00289EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/18 12:0 a.m.22 views

SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks

The @aborruso/ckan-mcp-server MCP server provides tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network service...

5.7CVSS5.9AI score0.00289EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/17 8:33 p.m.11 views

AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy

Summary The plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location header, the redirect target is fetched via fakeBrowser without...

8.6CVSS5.9AI score0.00453EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/12 2:23 p.m.5 views

EUVD-2026-11381

SiYuan has a Full-Read SSRF via /api/network/forwardProxy...

8.3CVSS5.8AI score0.00278EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 9:45 p.m.2 views

CVE-2026-32133

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...

7.8CVSS5.9AI score0.00505EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/11 9:45 p.m.9 views

EUVD-2026-11414

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...

7.8CVSS5.9AI score0.00505EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/11 9:45 p.m.2 views

CVE-2026-32133 2FAuth has Blind SSRF in image parameter allows internal network access and more

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...

7.8CVSS5.9AI score0.00505EPSS
Exploits1References1
NVD
NVD
added 2026/03/11 9:16 p.m.8 views

CVE-2026-32110

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...

8.3CVSS0.00278EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/11 8:38 p.m.1 views

CVE-2026-32110 SiYuan has a Full-Read SSRF via /api/network/forwardProxy

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...

8.3CVSS5.9AI score0.00278EPSS
Exploits1References1
CVE
CVE
added 2026/03/11 8:38 p.m.17 views

CVE-2026-32110

SiYuan (personal knowledge management system) suffers a Full-Read SSRF via the /api/network/forwardProxy endpoint prior to version 3.6.0. Authenticated users can supply a user-controlled URL and trigger the server to fetch arbitrary HTTP resources, with the system returning the full response body...

8.3CVSS5.9AI score0.00278EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/11 8:38 p.m.4 views

CVE-2026-32110 SiYuan has a Full-Read SSRF via /api/network/forwardProxy

SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...

8.3CVSS5.9AI score0.00278EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.11 views

PT-2026-24856

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...

9.1CVSS5.9AI score0.00505EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.6 views

SiYuan 代码问题漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.0 contained code vulnerabilities. These vulnerabilities stemmed from a lack of URL validation in the/api/network/forwardProxy endpoint. This allowed authenticated users to make...

8.3CVSS7.5AI score0.00278EPSS
Exploits1References1
Rows per page
Query Builder